TRAI plans to prevent WiFi abuse

NEW DELHI: With terrorists using unsecured wireless fidelity (WiFi) networks to shoot off emails every time they carry out bomb blasts, TRAI is examining a series of measures to have security processes in place to protect such networks.

According to sources, TRAI began studying open WiFi networks after the Ahmedabad blasts and will soon issue recommendations for proper authentication and maintenance of such networks.

Importantly, following the 21 blasts in Ahmedabad on July 26 which killed 55 and injured 100, TRAI had asked the government to direct all Internet Service Providers (ISPs) to instruct their customers to have ���proper authentication measures��� so that this facility is not misused. ���All ISPs may be instructed to ensure that their subscribers using wireless devices must use effective authentication mechanisms and permit access to internet to only authorised persons using wireless devices,��� the regulator said in its earlier communication to the DoT. The DoT appears not to have acted on the regulator���s suggestion. The Internet Service Providers of India, the industry body representing all ISPs, said that so far the government had not issued any directives to act towards securing open WiFi networks.

ET reported earlier this week that the government is examining the possibility of issuing new norms which will unsecured WiFi connections illegal. Sources also said the new norms may put the onus of educating consumers on telcos and ISPs. Besides, the ISPs will also be asked to ensure that customers access the internet over a WiFi connection only through a password. WiFi networking companies may also be asked to limit WiFi signal right down to a defined radius by installing access points around the signal. The department of telecom and the department of information technology will work with the home ministry and intelligence agencies on this issue. Sources said the Computer Emergency Response Team (CERTC-in) is also helping the government issue new norms on WiFi security. It is not clear if these agencies will await the recommendations of TRAI.

Security agencies have asked the government to ask all ISPs to make password protection mandatory for every customer using a WiFi network. This has also been endorsed by the home ministry.

ISPs say that it is the customer who is to be blamed. ���Internet service providers are taking steps on their own to secure WiFi connections. All ISPs are installing AAA servers and firewalls. But, if you look at the terror mails, they were sent from hacked or open WiFi accounts ��� there is nothing we can do about this. When people take a broadband connection and routers to make their homes and offices WiFi enabled and then leave it open when they are not in use, there is nothing ISPs can do about it,��� Internet Service Providers Association of India president Rajesh Chharia had told ET.